Dubbed Bashlite by researchers; this malware is written in C with the capability to infect IoT devices especially security cameras (surveillance system) and turn them into a DDoS botnet.

If you haven’t heard of Bashlite before that’s because this malware has several other names such as Lizkebab, BASHLITE, Torlus and gafgyt.

Bashlite can brute force a vulnerable device and steal its login credentials and distributes itself on other devices. Researchers further explained that the malware source code was leaked back in 2015 (it has a dozen of variants in 2016) that revealed that its prime target is Linux-based IoT devices. Until now, researchers have found over 1 million devices manufactured by Dahua Technology being infected with Bashlite malware in Brazil, Colombia and Taiwan.

Most of the infected devices are digital video recorder (DVRs) and Dahua tech has already been informed about the issue.

“The security of IoT devices poses a significant threat. Vendors of these devices must work to improve their security to combat this growing threat. However, as a consumer of these devices, you do have options to improve your security. If you have one of these devices, standard security best practices advice applies,” researchers explained.

Lizard Squad and DDoS:

The use of IoT devices as a botnet is not something new. Previously, Lizard Squad released a Linux-based DDoS tool LizardStresser which has been used to hack CCTV devices and use them to target high profile targets flooding them with as much as 400Gbps of data. The attacks were aimed mostly at gaming platforms, Brazilian financial institutions, ISPs, and government institutions.

During this downtime I'd like to remind you of our services (which have 100% uptime) over at stresser.ru

If you are a website owner and receiving DDoS attacks contact DDoS protection firms like Sucuri or Incapsula — If you own a CCTV camera make sure to remove default login and password and use strong login credentials to avoid them from being misused.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.

Add your comments:

is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in Milan, Italy